mirror of
https://github.com/hohn/sarif-cli.git
synced 2025-12-16 09:13:04 +01:00
0f070a6ae4
This command introduces a new tree structure that pulls in a collection
of sarif files. In yaml format, an example is
- creation_date: '2021-12-09' # Repository creation date
primary_language: javascript # By lines of code
project_name: treeio/treeio # Repo name-short name
query_commit_id: fa9571646c # Commit id for custom (non-library) queries
sarif_content: {} # The sarif content will be attached here
sarif_file_name: 2021-12-09/results.sarif # Path to sarif file
scan_start_date: '2021-12-09' # Beginning date/time of scan
scan_stop_date: '2021-12-10' # End date/time of scan
tool_name: codeql
tool_version: v1.27
- creation_date: '2022-02-25'
primary_language: javascript
...
At run time,
cd ~/local/sarif-cli/data/treeio
sarif-extract-multi multi-sarif-01.json test-multi-table
will load the specified sarif files and put them in place of
`sarif_content`, then build tables against the new signature found in
sarif_cli/signature_multi.py, and merge those into 6 larger tables. The
exported tables are
artifacts.csv path-problem.csv project.csv
codeflows.csv problem.csv related-locations.csv
and they have join keys for further operations.
The new typegraph is rendered in
notes/typegraph-multi.pdf
using the instructions in
sarif_cli/signature_multi.py
67 lines
2.3 KiB
Bash
67 lines
2.3 KiB
Bash
# -*- sh -*-
|
|
# The purpose of this tool set is working with sarif at the shell / file level,
|
|
# across multiple versions of the same sarif result set, and across many
|
|
# repositories.
|
|
#
|
|
# These tests mirror that goal: they work on files using the tools and use
|
|
# standard unix utilities to verify contents.
|
|
#
|
|
|
|
sarif-results-summary -h
|
|
|
|
#
|
|
# Simple failure checks. These should produce no output.
|
|
#
|
|
test_files="
|
|
../data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif
|
|
../data/torvalds_linux__2021-10-21_10_07_00__export.sarif
|
|
../data/treeio/results.sarif
|
|
"
|
|
for file in $test_files ; do
|
|
sarif-results-summary $file > /dev/null
|
|
done
|
|
for file in $test_files ; do
|
|
sarif-results-summary -r $file > /dev/null
|
|
done
|
|
|
|
#
|
|
# The following are for iterating and evolving result inspection to find test
|
|
# cases covering the different output options. They are intended for manual use
|
|
# and review.
|
|
#
|
|
read -r file srcroot <<< "../data/treeio/2021-12-09/results.sarif ../data/treeio/treeio"
|
|
|
|
# All results, minimal output
|
|
sarif-results-summary $file | less
|
|
|
|
# All results, related locations output
|
|
sarif-results-summary -r $file | less
|
|
|
|
# All results, related locations and source output
|
|
sarif-results-summary -r -s $srcroot $file | less
|
|
|
|
# single-line result, no flow steps
|
|
start="sanitizer.py:8:1:8:16"
|
|
sarif-results-summary $file | sed -n "/$start/,/RESULT/p" | sed '$d' | less
|
|
|
|
# single-line result, with flow steps
|
|
start="treeio.core.middleware.chat.py:395:29:395:33"
|
|
sarif-results-summary $file | sed -n "/$start/,/RESULT/p" | sed '$d' | less
|
|
|
|
# single-line result, with flow steps, with relatedLocations
|
|
start="treeio.core.middleware.chat.py:395:29:395:33"
|
|
sarif-results-summary -r $file | sed -n "/$start/,/RESULT/p" | sed '$d' | less
|
|
|
|
# single-line result, with flow steps compacted
|
|
start="treeio.core.middleware.chat.py:395:29:395:33"
|
|
sarif-results-summary -e $file | sed -n "/$start/,/RESULT/p" | sed '$d' | less
|
|
|
|
# multi-line result, no flow steps, with relatedLocations and source
|
|
start=editor_plugin_src.js:722:72:722:73
|
|
sarif-results-summary -r -s $srcroot $file | sed -n "/$start/,/RESULT/p" | sed '$d' | less
|
|
|
|
# multi-line result, with flow steps, with relatedLocations and source
|
|
start=modal-form.html:89:35:93:14
|
|
sarif-results-summary -r -s $srcroot $file | sed -n "/$start/,/RESULT/p" | sed '$d' | less
|
|
|